exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2010-0624

Status Candidate

Overview

Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

Related Files

Ubuntu Security Notice USN-2456-1
Posted Jan 8, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2456-1 - Michal Zalewski discovered an out of bounds write issue in the process_copy_in function of GNU cpio. An attacker could specially craft a cpio archive that could create a denial of service or possibly execute arbitrary code. Jakob Lell discovered a heap-based buffer overflow in the rmt_read__ function of GNU cpio's rmt client functionality. An attacker controlling a remote rmt server could use this to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2010-0624, CVE-2014-9112
SHA-256 | 7f4272feef6a66ff929086843b468985c782176a57765ca3dfe31b71f12b8b84
Gentoo Linux Security Advisory 201311-21
Posted Nov 30, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-21 - A heap-based buffer overflow in cpio might allow a remote rmt server to execute arbitrary code or cause a Denial of Service condition. Versions less than 2.11 are affected.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0624
SHA-256 | ad033b6440ffd791abb4c68830d89b3569db4426500c37f2f7a3efe34d81876a
Gentoo Linux Security Advisory 201111-11
Posted Nov 21, 2011
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201111-11 - A buffer overflow flaw in GNU Tar could result in execution of arbitrary code or a Denial of Service. Versions less than 1.23 are affected.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2010-0624
SHA-256 | 3746f20494ec74f44d0067f12fceb02ac3f5570f1a17f9920a98a8a2780ca5e7
VMware Security Advisory 2010-0013
Posted Sep 1, 2010
Authored by VMware | Site vmware.com

VMware Security Advisory - The service console package cpio is updated to version 2.5-6.RHEL3. The service console package tar is updated to version 1.13.25-16.RHEL3. The service console packages for samba are updated to version samba-3.0.9-1.3E.17vmw, samba-client-3.0.9-1.3E.17vmw and samba-common-3.0.9-1.3E.17vmw. The service console package krb5 is updated to version 1.2.7-72. The service console package perl is updated to version 5.8.0-101.EL3.

tags | advisory, perl
advisories | CVE-2005-4268, CVE-2010-0624, CVE-2010-0624, CVE-2010-2063, CVE-2010-1321, CVE-2010-1168, CVE-2010-1447
SHA-256 | d9f282f0d9f5fec35a2bbedbc199700f42e61ad6e7d07ff47128d015784fd210
Mandriva Linux Security Advisory 2010-065
Posted Mar 23, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-065 - Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more (colon) character. The Tar package as shipped with Mandriva Linux is not affected by this vulnerability, but it was patched nonetheless in order to provide additional security to customers who recompile the package while having the rsh package installed. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2010-0624
SHA-256 | c76ad343a946323626106b13f5b4855856acd6a8f4429eacd64b5224b9fafda3
Tar / Cpio Heap Buffer Overflow
Posted Mar 10, 2010
Authored by Jakob Lell

GNU Tar and GNU Cpio suffer from a heap-based buffer overflow vulnerability. Tar versions prior to 1.23 and Cpio versions prior to 2.11 are affected.

tags | advisory, overflow
advisories | CVE-2010-0624
SHA-256 | d24150b634cab2351df08efe4449b09dfe98932abdb966b3ab00c97293fcd9c2
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close